
Issue 813692

Issue metadata

Status: WontFix
Owner:
Closed: Mar 2018
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug


Indirect-leak in content::WebURLLoaderImpl::WebURLLoaderImpl

Reported by ClusterFuzz (Project Member), Feb 20 2018

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6748850438799360

Fuzzer: inferno_layout_test_unmodified
Job Type: linux_lsan_chrome_mp
Platform Id: linux

Crash Type: Indirect-leak
Crash Address: 
Crash State:
  content::WebURLLoaderImpl::WebURLLoaderImpl
  content::WebURLLoaderImpl::WebURLLoaderImpl
  content::WorkerFetchContextImpl::URLLoaderFactoryImpl::CreateURLLoader
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_lsan_chrome_mp&range=505014:505082

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6748850438799360

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.

Comment 1 by ClusterFuzz (Project Member), Feb 20 2018

Components: Blink>ServiceWorker Internals>Core
Labels: Test-Predator-Auto-Components
Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.

Comment 2 by ClusterFuzz (Project Member), Feb 20 2018

Labels: Test-Predator-Auto-Owner
Owner: tzik@chromium.org
Status: Assigned (was: Untriaged)
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/3cf20755524bfd9ccd9d9c4eee2540cdb3252ccb (Replace RefPtr<>::Get() with get() in platform/).

If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.

Comment 3 by tzik@chromium.org, Feb 20 2018

Labels: Test-Predator-Wrong-CLs
Owner: ----
Status: Untriaged (was: Assigned)

Comment 4 by bashi@chromium.org, Feb 20 2018

This looks similar to issue 807754 (which is suppressed) but this is happening while running layout tests. Are workers supposed to shut down gracefully when we run layout tests?

Comment 5 by falken@chromium.org, Feb 20 2018

I think it'd always been a bit iffy, see also issue 586897. Workers are probably terminated gracefully but some of the associated memory might not be fully freed.

Comment 6 by bashi@chromium.org, Feb 20 2018

Issue 590802 may be related too. Just took a quick look at WorkerBackingThread and noticed that we don't run GC after worker termination on production. This may explain why WebURLLoaderImpl is leaked as ResourceLoader frees |loader_| in Dispose(). Probably this is WAI. I'm not sure how to suppress this.

Comment 7 by falken@chromium.org, Feb 23 2018

Owner: bashi@chromium.org
Status: Assigned (was: Untriaged)
I'm not sure how to add a suppression for this either. Maybe we should just WontFix if it looks hard to figure out.

Comment 8 by ClusterFuzz (Project Member), Mar 15 2018

Status: WontFix (was: Assigned)
ClusterFuzz testcase 6748850438799360 is flaky and no longer crashes, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.